
Splunk Phantom Certified Admin Practice Exam



About Splunk Phantom Certified Admin

Splunk Phantom Certified Admin exam is the final step towards completion of the Splunk Phantom Certified Admin certification track. This highly technical certification exam evaluates a candidate’s knowledge and skills in installing and configuring a Phantom server and integrating it with Splunk. This also includes planning, designing, creating, and debugging Playbooks.

A Splunk Phantom Certified Admin has the ability to install, configure, and use Phantom servers and to plan, design, create, and debug basic playbooks for Phantom. These highly skilled individuals are proficient in complex Phantom solution development. They can integrate Phantom with Splunk as well as develop playbooks requiring custom coding and REST API usage.


Recommended Prerequisite Courses

Candidates for the exam are recommended to complete the lectures, hands-on labs, and quizzes that are part of the following courses:

  • Administering Phantom
  • Developing Phantom Playbooks
  • Advanced Phantom Implementation


Learning Skills/ Important Areas

The following content areas are general guidelines for the content to be included on the exam:

  • Installation/Initial configuration
  • Apps and assets
  • User management
  • Ingesting data
  • Events and containers
  • Mission control
  • Running actions and playbooks
  • Case management/workflows
  • Multi-tenancy
  • Clustering
  • Automation best practices
  • The visual playbook editor
  • Using actions and decisions
  • Using action results
  • Testing and debugging playbooks
  • Using interaction
  • Output formatting
  • Complex logic
  • Interacting with artifacts
  • Using the vault in a playbook
  • Custom lists
  • Integrating Splunk with Phantom 


Course Structure

The Splunk Phantom Certified Admin Exam covers the following topics:

Topic 1: Deployment, Installation, and Initial Configuration 5%

1.1 Describe Phantom operating concepts

1.2 Identify documentation and community resources

1.3 Identify installation and upgrade options

1.4 Describe Phantom architecture

1.5 Configure licenses, administration, and product settings

Topic 2: User Management and Multi-tenancy 5%

2.1 Configure authentication options

2.2 Add users

2.3 Add roles

2.4 Configure multiple tenants in a Phantom site

Topic 3: Apps, Assets, and Playbooks 5%

3.1 Configure apps

3.2 Configure assets

3.3 Configure data ingestion assets

3.4 Configure labels and SLAs

3.5 Manage Playbooks

Topic 4: Analyst Queue 5%

4.1 Use the Analyst Queue

4.2 Use search features

4.3 Create filters

4.4 Use the indicator view

Topic 5: The Investigation Page 10%

5.1 Use the Investigation page to work on events

5.2 Manually run actions and examine action results

5.3 Manually run playbooks

5.4 Use the vault to store related files

Topic 6: Case Management and Workbooks 5%

6.1 Use case management for complex investigations

6.2 Use workbooks

6.3 Mark items as evidence

Topic 7: Customizations 5%

7.1 Customize severity levels

7.2 Customize CEF fields

7.3 Customize status values

7.4 Customize workbooks

7.5 Add global custom fields to containers

Topic 8: System Maintenance 5%

8.1 Run reports

8.2 Use system health displays

8.3 Examine health logs

8.4 Identify steps to back up and restore a Phantom server

Topic 9: Introduction to Playbooks 5%

9.1 Understand automation best practices

9.2 Describe playbook capabilities

9.3 Determine available app actions

9.4 Use I2A2 design methodology

Topic 10: Visual Playbook Editor 5%

10.1 Use the visual playbook editor

10.2 Execute actions from a playbook

10.3 Test new playbooks

Topic 11: Logic, Filters, and User Interaction 5%

11.1 Use decision blocks

11.2 Use filter blocks to process data

11.3 Describe the use of different join options

11.4 Interact with users during playbook execution

Topic 12: Formatted Output and Data Access 5%

12.1 Use Format blocks to structure data

12.2 Understand the structure of action results

12.3 Compose datapaths to access data

12.4 Use the API block to modify containers

Topic 13: Modular Playbook Development 5%

13.1 Design modular solutions with interacting playbooks

13.2 Invoke child playbooks from a parent

13.3 Exchange data between playbooks using artifacts

Topic 14: Custom Lists and Data Routing 5%

14.1 Create custom lists

14.2 Access lists from playbooks

14.3 Use filters to control data flow

Topic 15: Configuring External Splunk Search 5%

15.1 Describe the benefits of externalizing search to Splunk

15.2 Configure the Phantom instance for externalization

15.3 Configure the Splunk instance for externalization

15.4 Use reindex to push existing content to the Splunk instance

15.5 Use the Splunk app for Phantom Reporting

Topic 16: Integrating Phantom into Splunk 10%

16.1 Install the Phantom app for Splunk

16.2 Send Enterprise Security notables to Phantom

16.3 Install and configure the Splunk app in Phantom

16.4 Use Splunk search from playbooks

Topic 17: Custom Coding 5%

17.1 Describe when and when not to use the global block

17.2 Use custom function blocks

17.3 Write and test custom Phantom code

Topic 18: Using REST 5%

18.1 Describe the capabilities of Phantom REST API

18.2 Use Django queries to search for data in Phantom

18.3 Use Phantom REST from other systems to access Phantom data


Exam Pattern 

  • Exam Name: Splunk Phantom Certified Admin
  • Number of Questions: 121
  • Length of Time: 117 minutes
  • Exam Fee: $125 USD 
  • Exam Language: English


What do we offer?

  • Full-length mock test with unique questions in each test set
  • Practice objective questions with section-wise scores
  • An in-depth and exhaustive explanation for every question
  • Reliable exam reports evaluating strengths and weaknesses
  • Latest Questions with an updated version
  • Tips & Tricks to crack the test
  • Unlimited access


What are our Practice Exams?

  • Practice exams have been designed by professionals and domain experts to simulate a real-time exam scenario.
  • Practice exam questions have been created on the basis of content outlined in the official documentation.
  • Each set in the practice exam contains unique questions built with the intent to provide real-time experience to candidates and to help them gain more confidence during exam preparation.
  • Practice exams help candidates self-evaluate against the exam content and work towards building the strength to clear the exam.
  • You can also create your own practice exam based on your choice and preference.


100% Assured Test Pass Guarantee

We have built the TestPrepTraining Practice exams with 100% Unconditional and assured Test Pass Guarantee! 

